Selective Encryption of Data Stored on Removable Media in an Automated Data Storage Library

1. A system for selective encryption of data in a data storage drive within a data storage library, comprising: a user interface through which to receive a user input of one or more encryption policies, each encryption policy including a level of encryption, one or more cartridge identifiers, each cartridge identifier providing an encryption key representing a data cartridge stored in the library, and each cartridge identifier providing an identification of an encryption key to be used to encrypt data written to media in a data cartridge; at least one hardware processor device configured to: obtain a cartridge identifier of a data cartridge loaded into the storage drive; read one or more identifiers selected from the group comprising a bar code label affixed to the loaded data cartridge, a non-bar code machine readable label affixed to the loaded data cartridge, a value stored on media within the loaded data cartridge, a value stored within a cartridge memory of the loaded data cartridge, and an RFID tag affixed to the loaded data cartridge; and match the cartridge identifier with an associated encryption policy stored in the storage drive, the matching of the cartridge identifier with the associated encryption policy being performed at the storage drive; and a library-drive interface configured to: transmit a request to a key server for an encryption key in response to matching the cartridge identifier with a corresponding encryption policy; and receive the requested encryption key from the key server; and an encryption controller to encrypt data to be written to the loaded data cartridge, where data stored in the data storage library is selectively encrypted.

2. The system of claim 1 , further comprising a memory for storing the one or more encryption policies in an encryption policy table, wherein selecting an encryption policy for the specified data cartridge is performed by the storage drive.

3. A method for selective encryption of data in a storage drive within a data storage library, comprising: receiving a user input of one or more encryption policies, the one or more encryption policies being stored in a memory of a library-drive interface, each encryption policy including a level of encryption, one or more cartridge identifiers, each cartridge identifier representing a data cartridge stored in the library, and each cartridge identifier providing an identification of an encryption key to be used to encrypt data written to media in a data cartridge; obtaining a cartridge identifier of a data cartridge loaded into the storage drive; reading one or more identifiers selected from the group comprising a bar code label affixed to the loaded data cartridge, a non-bar code machine readable label affixed to the loaded data cartridge, a value stored on media within the loaded data cartridge, a value stored within a cartridge memory of the loaded data cartridge, and an RFID tag affixed to the loaded data cartridge; matching the cartridge identifier with an associated encryption policy stored in the storage drive, the matching of the cartridge identifier with the associated encryption policy being performed at the storage drive; and using the library-drive interface to: transmit a request to a key server for an encryption key in response to matching the cartridge identifier with a corresponding encryption policy; and receive the requested encryption key from the key server; and encrypting data to be written to the loaded data cartridge, where data stored in the data storage library is selectively encrypted.

4. The method of claim 3 , further comprising storing the one or more encryption policies in an encryption policy table, wherein selecting an encryption policy for the specified data cartridge is performed by the storage drive.

5. A computer program product for selective encryption of data in a storage drive within a data storage library using a processing device, the computer program product embodied on a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising: computer code for receiving a user input of one or more encryption policies, the one or more encryption policies being stored in a memory of a library-drive interface, each encryption policy including a level of encryption, one or more cartridge identifiers, each cartridge identifier providing an encryption key representing a data cartridge stored in the library, and each cartridge identifier providing an identification of an encryption key to be used to encrypt data written to media in a data cartridge; computer code for obtaining a cartridge identifier of a data cartridge loaded into the storage drive; computer code for reading one or more identifiers selected from the group comprising a bar code label affixed to the loaded data cartridge, a non-bar code machine readable label affixed to the loaded data cartridge, a value stored on media within the loaded data cartridge, a value stored within a cartridge memory of the loaded data cartridge, and an RFID tag affixed to the loaded data cartridge; computer code for matching the cartridge identifier with an associated encryption policy stored in the storage drive, the matching of the cartridge identifier with the associated encryption policy being performed at the storage drive; and computer code for using the library-drive interface to: transmit a request to a key server for an encryption key in response to matching the cartridge identifier with a corresponding encryption policy; and receive the requested encryption key from the key server; and computer code for encrypting data to be written to the loaded data cartridge, where data stored in the data storage library is selectively encrypted.

6. The computer program product of claim 5 , further comprising computer code for storing the one or more encryption policies in an encryption policy table, wherein selecting an encryption policy for the specified data cartridge is performed by the storage drive.